
Sr. Information Security Engineer Resume


Tampa, Florida

SUMMARY

  • Information Security Engineer with strong experience in the design, implementation, and administration of software and hardware security solutions in enterprise environments.
  • Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, and SIEM.
  • Good experience analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, network flow systems, anti-virus, and other security logging sources.
  • Conducted vulnerability and compliance scans (e.g. Nessus) to determine overall system risk impacts and provided results to the customer and information system owner respectively.
  • McAfee endpoint security technologies: Drive Encryption (DE) & Enterprise Encryption for PC (EEPC), VSE, MOVE-AV, Host Data Loss Prevention, Endpoint Protection for Mac, Management of Native Encryption.
  • Experience with the Symantec DLP web security gateway to provide security for outbound web content.
  • Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
  • Experience supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment.
  • Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Configuration, troubleshooting, implementation, installation and fine-tuning of the ArcSight Data Platform.
  • Designed and implemented several nationally and internationally deployed Microsoft Active Directory (AD) enterprise networks.
  • Responsible for LogRhythm SIEM configuration, management, and monitoring.
  • Experienced with Symantec DLP policies (DLP templates) for compliance and regulatory standards such as SOX, PCI, and HIPAA.
  • Performed system administration tasks for Symantec Data Center Security (DCS).
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities arising from emerging security issues.
  • Extensive experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level.
  • Designed the Symantec DLP architecture and implemented Symantec DLP.
  • Worked on Symantec DLP upgrades and patches.
  • Experience setting up, configuring and deploying Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
  • Reviewed and revised client privacy and security policies to ensure they comply with HIPAA standards.
  • Installed and configured SIEM (AlienVault) for ongoing, in-depth vulnerability analysis.
  • Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
  • Ability to maintain confidential information and HIPAA-related knowledge.
  • Experience with SIEM tools such as LogRhythm, QRadar, and Splunk.
  • Utilized the SIEM solution to research account lockouts and authentication failures while assisting Security.
  • Conducted vulnerability assessments using the Nessus tool.
  • Performed vulnerability scanning using Nessus & Retina. Ran an intrusion detection system (IDS) with low or no false positives.
  • Excellent written and verbal communication, analytical and problem-solving skills; highly motivated, fast learner, able to lead or work within a team environment.
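The account-lockout and authentication-failure research mentioned above is, in SIEM terms, a correlation rule over logon-failure events. The following is an added example (not part of this resume, and not LogRhythm, QRadar or Splunk rule syntax) that runs such a rule in Python over constructed Windows Security events 4625 (logon failure) and 4740 (account locked out) in a simplified key=value form; the threshold, window and suppression list are assumptions of the kind a tuning engagement would set for a real environment.

```python
"""Correlate Windows logon failures into brute-force and lockout alerts.

Added example, not part of the resume and not LogRhythm/Splunk rule syntax.
Input is a constructed, simplified key=value rendering of Windows Security
events 4625 (logon failure) and 4740 (account locked out).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs).
SAMPLE_EVENTS = """\
2023-04-01T09:00:01 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-04-01T09:00:02 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-04-01T09:00:03 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-04-01T09:00:04 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-04-01T09:00:05 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-04-01T09:00:06 EventID=4740 TargetUserName=jdoe CallerComputerName=WS-0042
2023-04-01T09:10:00 EventID=4625 TargetUserName=asmith IpAddress=10.0.0.9 Status=0xC000006A
2023-04-01T09:45:00 EventID=4625 TargetUserName=asmith IpAddress=10.0.0.9 Status=0xC000006A
2023-04-01T10:00:00 EventID=4625 TargetUserName=svc_scan IpAddress=10.0.0.50 Status=0xC000006A
2023-04-01T10:00:01 EventID=4625 TargetUserName=svc_scan IpAddress=10.0.0.50 Status=0xC000006A
2023-04-01T10:00:02 EventID=4625 TargetUserName=svc_scan IpAddress=10.0.0.50 Status=0xC000006A
2023-04-01T10:00:03 EventID=4625 TargetUserName=svc_scan IpAddress=10.0.0.50 Status=0xC000006A
2023-04-01T10:00:04 EventID=4625 TargetUserName=svc_scan IpAddress=10.0.0.50 Status=0xC000006A
"""

# Rule parameters (assumptions; a tuning engagement sets these per environment).
FAIL_THRESHOLD = 5                 # failures from one source against one account...
WINDOW = timedelta(minutes=5)      # ...inside this sliding window raise an alert
# Tuning: (source IP, account) pairs known to be noisy, e.g. a credentialed
# vulnerability scanner whose service account fails on hosts where it has no rights.
SUPPRESSED = {("10.0.0.50", "svc_scan")}

EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_events(text):
    """Parse the key=value lines into dicts with a datetime 'ts' and an int 'EventID'."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue                                   # blank or malformed line
        fields = dict(pair.split("=", 1) for pair in m.group("kv").split())
        fields["ts"] = datetime.fromisoformat(m.group("ts"))
        fields["EventID"] = int(fields["EventID"])
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW, suppressed=SUPPRESSED):
    """Return alert dicts: 'brute_force' when a (source, account) pair reaches the
    threshold inside the window, 'lockout' for every 4740 together with the number
    of failures seen for that account in the preceding window."""
    recent = defaultdict(deque)   # (source ip, account) -> failure timestamps in window
    last_alert = {}               # (source ip, account) -> time of last brute_force alert
    alerts = []
    for e in events:
        user = e.get("TargetUserName", "-")
        now = e["ts"]
        # Age out failures that have left the window for this account.
        for (_ip, u), q in recent.items():
            if u == user:
                while q and now - q[0] > window:
                    q.popleft()
        if e["EventID"] == 4625:
            key = (e.get("IpAddress", "-"), user)
            if key in suppressed:
                continue
            q = recent[key]
            q.append(now)
            if len(q) >= threshold and (key not in last_alert or now - last_alert[key] > window):
                last_alert[key] = now      # one alert per burst, not one per extra failure
                alerts.append({"rule": "brute_force", "user": user, "source": key[0],
                               "failures": len(q), "at": now})
        elif e["EventID"] == 4740:
            prior = sum(len(q) for (_ip, u), q in recent.items() if u == user)
            alerts.append({"rule": "lockout", "user": user,
                           "caller": e.get("CallerComputerName", "-"),
                           "failures_before": prior, "at": now})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Run as a script, this prints two alerts for jdoe (the brute-force burst and the lockout that follows it), none for asmith, whose two failures are 35 minutes apart, and none for the suppressed scanner account; removing the suppression entry turns the scanner's failures into a third alert, which is exactly the kind of false positive that rule tuning exists to remove.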

TECHNICAL SKILLS

Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010

SIEM: LogRhythm, Splunk, QRadar, ArcSight

DLP: Symantec & McAfee

Operating systems: Windows

PROFESSIONAL EXPERIENCE

Confidential, Tampa, Florida

Sr. Information Security Engineer

Responsibilities:

  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Diagnosed and fixed a variety of networking and software related issues with the LogRhythm SIEM.
  • Participated in L2/L3 Incident Response for the organization's SIEM events (LogRhythm).
  • Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
  • Worked on triage and remediation of data loss prevention events, call tickets, and support cases for the DLP environment.
  • Used the LogRhythm SIEM for investigations.
  • SIEM: Building software & applications to enhance SOC operations and coordinate Threat Intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing & implementing security content/use-cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support for currently deployed SIEM engines.
  • 24/7 SOC monitoring of SIEM and IPS/IDS, alarm triage, and forensic investigation.
  • Monitored the SIEM tools LogRhythm and Splunk.
  • Monitored the SIEM tool and triaged all alerts as they came in to ensure the network was safe.
  • Services monitored include, but are not limited to, SIEM, IDS/IPS, firewall, cloud environments, and Data Loss Prevention (DLP) for SMTP and web.
  • Conducted tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
  • Provided leadership in architecting and implementing security solutions with Qualys and SIEM tools such as ArcSight, Solutionary and LogRhythm.
  • Monitored critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
  • Worked closely with data privacy control frameworks and related laws and regulations (ISO 27000 series, NIST).
  • Managed ePO version 5.3 and VSE 8.8 for a large enterprise network.
  • Manually installed the McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
  • Implemented, managed and deployed the McAfee Agent on the Windows Server master image.
  • Conducted benchmark and File Integrity Monitoring checks through Policy Auditor.
  • Investigated alerts created by IDS/IPS including malicious file uploads, compromised servers, SQL injections, and port scanning.
  • Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
  • Conducted security scans using SecurityCenter (Nessus) to identify system vulnerabilities, performed risk assessments, submitted technical reports detailing the vulnerabilities, risks and remediation actions, and reviewed assessment results.
  • Implemented ArcSight Logger within the organization's syslog enclave for long-term data retention and analysis (SIEM).
  • Developed the vulnerability scanning process for all environment builds, and ongoing monthly scanning and reporting using Nessus.
  • Monitored events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses and processes.
  • Worked in the Security Incident and Event Monitoring (SIEM) platforms Confidential QRadar and Splunk.
  • Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
  • Participated in the product selection and installation of the QRadar Security Information and Event Manager (SIEM), consisting of multiple collectors and a high-performance MS SQL database.
  • Responsible for proposing rules to the client to implement in QRadar to trigger security events. Once the rules were approved, tested them and implemented them in QRadar.
  • Performed investigation, analysis, reporting and escalation of security events from multiple sources including intrusion detection, firewall logs, proxy logs, and web servers.
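The monthly Nessus scanning and reporting process described above has to turn scanner exports into a trend: what is new, what was fixed, and what is still open. The following is an added example (not part of this resume, and not Tenable code) that parses two .nessus v2 XML exports with the Python standard library, counts findings by risk factor, and diffs them finding-by-finding; the two reports, their hosts, and the plugin IDs and names inside them are constructed sample data, not real Nessus plugins.

```python
"""Summarize and diff monthly Nessus (.nessus v2 XML) exports.

Added example, not part of the resume and not Tenable code. MARCH and APRIL
are constructed sample reports: hosts, plugin IDs (9xxxxx) and plugin names
are invented for the example and do not refer to real Nessus plugins.
"""
import xml.etree.ElementTree as ET
from collections import Counter

MARCH = """<?xml version="1.0"?>
<NessusClientData_v2>
<Report name="monthly-march">
<ReportHost name="10.0.0.5">
<HostProperties><tag name="host-ip">10.0.0.5</tag><tag name="operating-system">Windows Server 2012</tag></HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample: SMB signing not required" pluginFamily="Misc."><risk_factor>Medium</risk_factor></ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="900002" pluginName="Sample: legacy TLS protocol enabled" pluginFamily="Service detection"><risk_factor>High</risk_factor></ReportItem>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900003" pluginName="Sample: traceroute information" pluginFamily="General"><risk_factor>None</risk_factor></ReportItem>
</ReportHost>
<ReportHost name="10.0.0.9">
<HostProperties><tag name="host-ip">10.0.0.9</tag></HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample: SMB signing not required" pluginFamily="Misc."><risk_factor>Medium</risk_factor></ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""

APRIL = """<?xml version="1.0"?>
<NessusClientData_v2>
<Report name="monthly-april">
<ReportHost name="10.0.0.5">
<HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample: SMB signing not required" pluginFamily="Misc."><risk_factor>Medium</risk_factor></ReportItem>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900003" pluginName="Sample: traceroute information" pluginFamily="General"><risk_factor>None</risk_factor></ReportItem>
</ReportHost>
<ReportHost name="10.0.0.9">
<HostProperties><tag name="host-ip">10.0.0.9</tag></HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample: SMB signing not required" pluginFamily="Misc."><risk_factor>Medium</risk_factor></ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="900002" pluginName="Sample: legacy TLS protocol enabled" pluginFamily="Service detection"><risk_factor>High</risk_factor></ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text, min_severity=1):
    """Return {(host_ip, pluginID, port, protocol): info} for every ReportItem at or
    above min_severity (Nessus severity: 0 Info, 1 Low, 2 Medium, 3 High, 4 Critical).
    The tuple key is what lets two scans be compared finding-by-finding."""
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("ReportHost"):
        ip_tag = host.find("HostProperties/tag[@name='host-ip']")
        ip = ip_tag.text if ip_tag is not None else host.get("name")
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity < min_severity:
                continue                     # drop informational plugins from the report
            key = (ip, item.get("pluginID"), item.get("port"), item.get("protocol"))
            findings[key] = {"name": item.get("pluginName"), "severity": severity,
                             "risk": item.findtext("risk_factor", default="None")}
    return findings


def summarize(findings):
    """Count findings by Nessus risk factor, e.g. Counter({'Medium': 2, 'High': 1})."""
    return Counter(f["risk"] for f in findings.values())


def diff_scans(previous, current):
    """Classify findings between two monthly scans: new (to chase), remediated
    (to close out), persistent (still open and therefore overdue)."""
    prev_keys, cur_keys = set(previous), set(current)
    return {"new": sorted(cur_keys - prev_keys),
            "remediated": sorted(prev_keys - cur_keys),
            "persistent": sorted(cur_keys & prev_keys)}


if __name__ == "__main__":
    march, april = parse_nessus(MARCH), parse_nessus(APRIL)
    print("March:", dict(summarize(march)), "April:", dict(summarize(april)))
    for status, keys in diff_scans(march, april).items():
        for host, plugin, port, proto in keys:
            source = march if status == "remediated" else april
            print(f"{status:10} {host} {proto}/{port} {source[(host, plugin, port, proto)]['name']}")
```

The severity counts are the same in both months, which is why the month-over-month diff matters more than the totals: one High was remediated on 10.0.0.5 while a new High appeared on 10.0.0.9, and the two Medium SMB findings are now two months old.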

Confidential, Jersey City, NJ

Information Security Analyst

Responsibilities:

  • QRadar implementation and its integration with other network devices and applications, and the related troubleshooting work.
  • Created LogRhythm rules.
  • Investigated SIEM alerts.
  • SIEM deployment, currently evaluating Rapid7, LogRhythm, and others.
  • Configured alarms and dashboards in the SIEM (LogRhythm) for detecting threats and abnormal behavior.
  • Responded to cybersecurity events from firewalls, IDS/IPS, the LogRhythm SIEM and McAfee anti-virus security tools.
  • Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
  • Monitored SIEM views and drafted reports on network activities that may exploit vulnerabilities or cause harm to network hosts.
  • Managed Splunk (SIEM) configuration files such as inputs, props, transforms, etc.
  • Upgraded Splunk Enterprise (SIEM) and applied security patching.
  • Well versed in both remote and on-site user support for Splunk (SIEM).
  • Centralized the storage and interpretation of logs using the Splunk (SIEM) system.
  • Analyzed and responded to security events and incidents from SIEM, firewall (FW), Intrusion Detection/Prevention Systems (IDS/IPS), antivirus (AV), Network Access Control (NAC) and other client data sources.
  • Expertise in creating scripts for configuration backup, report backup, QRadar device reports and metric generation.
  • Experience creating custom views, reporting and automated alerting for both operational and security use in QRadar.
  • Experience in security incident handling with the RSA enVision and Confidential QRadar SIEM products.
  • Reported security incidents to provide management oversight of the incident process.
  • Performed tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
  • Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
  • Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix).
  • Experience with deployment of Symantec DLP Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience architecting Symantec DLP platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improve detection rates.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
  • Network and host DLP monitoring and logging.
  • Monitored and remediated daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.X; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them constantly through the dashboard by running the reports continually.
  • Installed and configured Symantec Endpoint Protection on laptops used for remote connectivity.
  • Coordinated pen testing and application security testing audits with pentest tools such as Metasploit, Nmap, Wireshark and Kali on Linux/Unix operating systems.
  • Coordinated security scans and remediation to ensure computer security root cause analysis, executive summaries, mitigation strategies and tracking of remediation efforts, which finalized application risk assessments, risk analysis of support systems, and site tasks associated with the IT Security Checklist.
  • Integrated infrastructure devices and security devices into the QRadar SIEM.
  • Actively used SIEM technology for searching and monitoring real-time events for network security and compliance.
  • Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT security management.

Confidential

Information Security Engineer

Responsibilities:

  • Identifying and implementing security practices to enhance the operations of the clients.
  • Maintaining a framework to ensure that information security policies, technologies and processes are aligned with the business regulations of the clients.
  • Managing SIEM: HP ArcSight, Confidential QRadar and Splunk, Rapid7 Nexpose, Forcepoint.
  • Symantec Data Loss Prevention (DLP) policy engineering.
  • Experience in deployment of Symantec HIDS agents.
  • Performed daily maintenance of the Symantec CSP console by grouping assets according to function.
  • Cleaned up the Symantec Anti-Virus environment and brought previously unprotected machines into compliance with security policy.
  • Conceptualized and implemented end-user DLP training materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
  • Responsible for the on-site project management and integration of Symantec security solutions into client network architectures.
  • Risk analysis and security control gap analysis from an information and network security perspective.
  • Managed security incidents in the organization as a key member of the Incident Response Team.
  • Log analysis and advisories to different customers through the RSA enVision SIEM.
  • Maintained SOC operations for wireless security across the globe for CSC.
  • Designed and implemented the firewall configuration from scratch, including failover configuration, NAT, interface configuration, SNMP and syslog configuration, and maintaining backups to the syslog server.
  • Managed DLP policies for multiple clients.
  • Led the deployment, installation, and configuration of Symantec DLP, including Enforce, Network Monitor, Network Discover, Web Prevent, Email Prevent, and the Endpoint Agent.
  • Administered and maintained the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments.
  • Performed Symantec DLP environment management and support configuration, as well as data security environments used in testing and configuring client sites prior to installation.
  • Set up, configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
  • Responsible for managing Cisco ASA firewalls, IDS/IPS, Symantec HIDS.
